-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:174
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : apache
 Date    : June 14, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in apache:

 mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x
 before 2.2.25 writes data to a log file without sanitizing non-printable
 characters, which might allow remote attackers to execute arbitrary
 commands via an HTTP request containing an escape sequence for a
 terminal emulator (CVE-2013-1862).

 A buffer overflow in htdigest when reading a digest password file with
 very long lines was discovered (PR 54893).

 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
 https://bugzilla.redhat.com/show_bug.cgi?id=953729
 https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 Mandriva Enterprise Server 5/X86_64:
 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.
 The verification of md5 checksums and GPG signatures is performed
 automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRuwlzmqjQ0CJFipgRAlG7AKDQ3Xy7er2TqLwwKb9yOW9gCndu+gCg9q0k
/Izii75hQ+sb7O4WK6l9ghI=
=iyY/
-----END PGP SIGNATURE-----
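
The CVE-2013-1862 item in the Problem Description comes down to request data reaching a log file with its control bytes intact. As an added illustration (not Apache's or Mandriva's code; the function name `log_escape` and the sample request path are made up here), this C routine escapes every non-printable byte before a string is logged, so a terminal that later displays the log only ever sees printable ASCII:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape an untrusted string for a text log (hypothetical helper).
 * Printable ASCII is copied, a backslash is doubled, and every other byte
 * (ESC 0x1b, CR, LF, other control bytes, bytes >= 0x7f) becomes \xHH.
 * Output is always NUL-terminated and never cut in the middle of an escape.
 * Returns the number of input bytes consumed. */
size_t log_escape(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t i = 0, o = 0;

    if (outsz == 0)
        return 0;
    for (; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '\\') {
            if (o + 2 >= outsz) break;      /* no room for "\\" + NUL */
            out[o++] = '\\';
            out[o++] = '\\';
        } else if (c >= 0x20 && c < 0x7f) {
            if (o + 1 >= outsz) break;
            out[o++] = (char)c;
        } else {
            if (o + 4 >= outsz) break;      /* no room for "\xHH" + NUL */
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return i;
}

int main(void)
{
    /* Constructed sample: a request path carrying ESC [ 3 1 m (a colour
     * change sequence) followed by a CR LF pair. */
    const char *uri = "/page\x1b[31mred\r\n";
    char line[128];
    size_t used = log_escape(uri, line, sizeof line);

    printf("rewrite log: %s\n", line);
    if (used < strlen(uri))
        puts("(input truncated)");
    return 0;
}
```

Doubling the backslash keeps the encoding unambiguous: a literal `\x1b` typed into a request cannot be confused with an escaped ESC byte when the log is read back.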